Why third party audits are good for food safetyAlex Briggs, Editor www.businessassurance.comIntroductionThe global food supply chain has become increasingly complex over the last 50 years. Rawmaterials are grown on one continent, processed on another, packaged on yet another andthen shipped and sold all over the world. This has led to new logistical challenges and adramatic increase in risks to both consumers and global brands as they battle for share ofsupermarket shelves. An incident in any part of the supply chain can have legal, brand andeven criminal repercussions for the food brand names that are a part of our daily lives. Tohelp mitigate such risks and to have better product traceability and control over their supplychain, many manufacturers and retailers have implemented a range of food safetymanagement systems standards and schemes, many of which have been independentlycertified. For most of the world, this has driven continual improvement, helped mitigate risks,led to increased efficiencies across the supply chain and helped suppliers reduce costs.However, in the US, two food safety crises over the past three years have led certaininterested parties to question the role and even complicity of both second and third partycertification industry in managing risks in the food supply chain.To help put into context where we are today, we should revisit a particular incident thatoccurred on Jan. 13th, 2009. On that date, the Peanut Corporation of America issued a recallfor products it had made over the past six months, after five people had died and more than400 had fallen ill with salmonella poisoning as a result of contamination. Two weeks later, therecall was extended to more than 400 consumer products made since Jan. 1, 2007, while thetoll from the contamination had reached eight dead and more than 500 sickened in 43 states,half of them children. The companys factory in Blakely, Ga., which was the source of thecontamination, supplied some of the largest food makers in the nation. The outbreakillustrated the complexities of the industrial food chain, and left consumers scrambling tofigure out if the food in their cabinets posed a danger. The Peanut Factory salmonella crisisled to a fundamental review of the approach to food safety in the US. The crisis was directlylinked to the US Government’s Food and Drug Agency (FDA) and their impossible task ofinspecting the plethora of food organisations in the US. Media articles, including an in-depthone in the New York Times, highlighted the failures in the auditing process, the lack ofrelevant experience of the auditor and auditing company as well as the lack of a robuststandard against which the audit was carried out. The article was accompanied by a range ofsupporting material that included insight from key food safety stakeholders, each stating whatthey thought was wrong with the inspection approach to auditing in the US food supply chainand outlining possible solutions.Out of this crisis came a new FDA plan, one which recognized the need for best practice andmore knowledgeable, better skilled auditors. Addressing best practice, the FDA studied the
approach to food safety taken by Australia, Holland and other nations who were considered tobe more successful in mitigating food supply chain risks. To address the limited resourceissue, the FDA installed a system that gave preferential treatment to organisations who coulddemonstrate a voluntary commitment to third-party inspection through independent audits andreports.Note the word inspection here, as that was the part of the approach that remainedunchanged after the FDA review post Peanut Factory crisis. This fact would come back tohaunt the food sector less than three years later.Fast forward almost three years and, once again, third-party auditing was at the centre of afood safety crisis in the US. Between September and December of 2011, a canteloupe-borneListeria outbreak killed 30 people, the deadliest food borne illness outbreak in the US in over25 years. As well as the deaths, 146 people became ill and a pregnant woman miscarried.A US federal investigation into the cantaloupe listeria outbreak found that the farm thatproduced them had ignored government safety guidelines. FDA officials who visited theJensen Farms facility stated that the outbreak could have been prevented if Jensen Farmshad maintained its facilities in accordance with existing FDA guidance. They found 13samples of Listeria monocytogenes obtained from processing equipment and cantaloupesand cited several deficiencies in Jensen Farms facility, such as dirty water pooling around thefood processing equipment, inappropriate food processing equipment which was difficult toclean and no antimicrobial solution in the water used to wash the cantaloupes.The congressional investigation report notes that Bio Food Safety, a subcontractor for PrimusLabs, a third party food safety auditor, which was hired by Jensen Farms, gave the facility a96% rating, "despite finding several major and minor deficiencies". Bio Food said the auditsonly deducted from the score if a method or technique was inconsistent with FDA regulations,but not if FDA guidance was not being followed – hence the rationale behind the high ratings.What is apparent is that the Jensen Farms audit was a ‘checklist approach’ and not a processbased audit which looks at the whole series of interacting processes that form a managementsystem. In parallel, and from widely available reports, it appears that the auditor from thesub-contracted firm to Primus had little or no food sector experience which only added to theproblem, raising even more questions about the 96% rating awarded to the site.If you are starting to think “wait a minute, haven’t we been here before?”, you are not alone.Both of these seismic events have highlighted weaknesses in the US approach to food safety.These incidents demonstrate how much is still left to do in order to mitigate food supply chainrisks, how important experienced, competent, qualified auditors are in the assessment andcertification process and the importance of moving away from snapshot-in-time style audits
and towards a process-based management systems approach to audits that look at thesystems and processes that organisations have in place.What steps should the FDA, as the government organisation who can single-handedlyinfluence the behaviour of organisations across the food supply, now take? A start could bethe acceptance and even insistence on industry developed, globally accepted standards andschemes. Following the GFSI lead, FSSC 22000 and ISO 22000 could be a very goodstarting point. The FDA has hinted at an accreditor type role (in other words, they would bethe gatekeeper for auditing bodies, ensuring that only competent auditors with relevantsector-specific experience are performing audits). Further, this would hold certification bodiesand registrars to a higher level of scrutiny and transparency than is currently the case. That,in turn, would help build confidence in the assessment process and in the resulting certificate.While a certificate on the wall will always be a part of the process, it need not be the end allbe all. Ensuring the effectiveness of the systems and processes that govern an organisationand making sure that risks are properly assessed and managed, that is the true value ofindependent assessment.Transformation - harmonisation of standardsGlobally, food has never been safer. Driven by food scares and a heightened focus on riskmitigation, there has been a move by Governments, manufacturers and retailers to join forcesand put independent third-party assessment and certification at the heart of food safety.Today’s global food supply chain is exponentially more complex than it was 50 years ago andyet, the food products that are grown, processed, packaged and sold in all corners of theglobe are significantly safer than they have ever been. That these apparently conflicting factscan simultaneously exist is largely an output of the collaboration and transparency that isbeing led by the most influential food manufacturers and retailers. Two particular areas haveworked together to bring this about; the first of these is the harmonisation of standards.Harmonised, robust food safety management system standards and schemes have broughtincreased transparency and best practise sharing across sectors and geographies.The Global Food Safety Initiative (GFSI) was formed in 2000 by leading global retailers andmanufacters specifically to address food safety issues and the lack of harmonisation in foodsafety standards and schemes. Together with the International Organisation forStandardisation (ISO), they have drive the move towards a manageable set of globallyaccepted management systems based standards and schemes. This move has benefitedsuppliers as well, driving down costs by significantly reducing the number of audits they haveto undergo, and ensuring the audits that take place are addressing potential risks. In 2004,ISO 22000, the first global food safety management system was issued. FSSC 22000, acomplete food safety certification scheme, was developed in 2010 to meet the needs of food
supply chain stakeholders. FSSC 22000 is owned by the Foundation for Food Safety thCertification, an independent, not-for-profit organisation. January 2012 marked the 1000FSSC 22000 certificate being issued.Through the harmonisation of standards, the market at large could now easily benchmarkagainst international standards and GFSI-recognised schemes such as ISO 22000 and FSSC22000As Mark Overland, Director for Global Certification at Cargill commented. “We are rolling outFSSC 22000 to over 1,000 plants in 67 countries. Having the same level of food safetyexecution at every plant is an expectation from our customers.”Along with the Foundation for Food Safety, both the GFSI and ISO have to be applauded asvery important initiatives. The GFSI’s work on harmonising standards and schemes hasresulted in there now being only 12 approved standards from a starting point of 100, this isclearly a significant achievement and we may expect the number will decrease in the future.Transformation – process based approachThe second area is that of an evolving assessment approach, one driven by the strategicneeds of clients and the technical expertise of auditors, which has led to a transition in therole of assessments and auditors. The days of “a single snapshot in time” checklist style isfading into the history books and is being replaced with dynamic process-based managementsystems audits. Delivered through auditor competency and sector specific expertise, theseaudits focus on the systems and processes that strategically underpin organisations and theirsupply chains, and it is this holistic approach that is gaining a foothold amongst retailers,manufacturers and suppliers.As LRQA client ACP Europe explains, food safety is embedded in their culture. As aspecialist in the provision of carbon dioxide, ACP cannot afford any food safety issues.“FSSC 22000 delivers a whole new approach to risk management and quality assurance,”explains Mr Speelmans, Safety Health Environmental Quality Manager “Through LRQABusiness Assurance, the whole network of interacting processes is assessed and monitoredthus providing greater assurance to both internal and external stakeholders and protecting ourbrand reputation.”Whilst FSSC may have come in for some criticism for being costly, the cost savings in realterms are potentially huge and the value of harmonisation is clearly supported by Wrigley, asubsidiary of Mars, Incorporated, who stated that, Wrigleys North American factories saw onaverage a 25-50% reduction of audits by retailers with the adoption of FSSC 22000.
In direct opposition to the holistic approach embedded into FSSC 22000, the certificationbody that undertook the audit at Jensen Farms which lies at the heart of the Lysteria outbreakcommented that “the audits are intended to assess whether the client’s operations are incompliance with current baseline industry standards—not to improve those standards or pusha client towards best practices.” This is a crucial difference with the management systemaudit approach where improvement and best practices are a significant part of the process.Transformation – auditor competencyA thorough and probing certification process can only be led by auditors with in-depthknowledge and sector-specific expertise who are able to help organisations minimise risks,improve systems and processes and delivers confidence for stakeholders throughout the foodsupply chain. Martin Bucknavage, member of the Department of Food Science atPennsylvania State University, reviewed two of the audits conducted at the Georgia PeanutFactory plant. His findings included: • Manufacturers need to be more critical of audits, including determining “What are the credentials of the auditor?” and • “Are they familiar with the type of processing operation they are auditing?” and finally • “Did they evaluate all of the risks associated with that type of operation and the type of product they make in performing the audit?”The integrity of the audits and the integrity of the certificate are of the utmost importance. AsCor Groenveld, Global Product Manager Food Services at LRQA recently commented; “I trulybelieve that these can only be delivered by a trained auditor who knows audit skills but alsowho knows the sector. I think that this is often a weak spot and we have seen too often withother companies in other certification bodies, that auditors do not have enough knowledge ofthe sector they are auditing so making sure that the auditor has that knowledge is crucial -that is a starting point.”The second thing that is really important is that an auditor has to ensure that he really looksin-depth at the corporate objectives and strategies and understands the vision of thecompany. From there the auditor needs to find out what are the real risks in the organisationand the processes and try to focus on these risks. It has to be a risk-based approach, which isthe only way that an auditor can do an effective audit. Essentially an effective auditor needs tobe bilingual – they need to be able to speak the language of the shop floor as well as that ofthe board room to achieve a complete understand of an organisation.Thirdly, the certification process has to be linked to driving improvement. Again, the technicalexpertise of the auditor and the certification has to support the company to drive continuousimprovement. An auditor can challenge the organisation, without being a consultant ofcourse, and support the organisation by doing a robust and an in-depth audit.
Finally, and with criticism being levied at the auditing process that sparked the CantaloupeLysteria outbreak last year, the point needs to be made that what happened at Jensen Farmswas a second party audit. There is widespread lack of understanding on the differencebetween a second party and a third party audit. The official definition according to the ndInternational Register of Certified Auditors (IRCA) is that a 2 Party Audit relates to audits ofcontractors/suppliers undertaken by or on behalf of a purchasing organisation. IRCA goes on rdto define 3 Party Audits as audits of organisations undertaken by an independentcertification body or registrar or similar third party organization. What happened at Jensen rd ndFarms was not a 3 party assessment but a 2 party audit because it was done to a Primusstandard not a certification standard or scheme.Transformation – the role of certificationThe responsibility for driving positive change across the food supply chain is not solely theresponsibility of regulators, retailers and manufacturers. Certification bodies have a vital roleto play in bringing confidence to the stakeholders of assessment and certification. Withorganisational objectives focused on delivering safe food, at LRQA, we take our responsibilityseriously as do many of our counterparts within the certification industry. We are activelydriving change by putting in place the mechanisms to effectively train our existing assessorsto ensure that their sector and technical expertise is maintained and enhanced. In parallel,we are continuing to invest in recruiting new assessors to ensure that we can meet the‘stakeholder demands of tomorrow.’But who governs the certification industry? Well, ISO/IEC 17021: 2011 - the standard forcertification bodies - ensure that the regional or country-specific accreditation bodies assessthe certification industry against a consistent standard. It has also extended the competencerequirements to encompass all staff engaged in the certification process. ISO/IEC 17021 hasclear benefits for certification bodies that are looking to set themselves apart through theirtransparency, expertise and independence. For these reasons ISO/IEC 17021 offerstangible, consistent benefits that translate into increased trust and confidence for allstakeholder groups.In parallel, there are many legislative controls in countries throughout the world that that addanother layer of protection for consumers in terms of regulating the food supply chain. YuriCosco, from LRQA explained further; “In Belgium, we have a system which is called SelfChecking Guides, which is government regulated. The different food sectors can set upguidelines that have to be used as a basis for the Food Safety Management System of thecompanies in the sector. The government then authorises CBs (after accreditation and thenecessary paperwork) to audit the companies with the specific guide as a basis. There areseveral advantages for the companies:
• Financial incentive (up to €15.000 per year) • Less government audits (which normally have to be paid) • For some sectors, it facilitates exportThis approach means that the government then can focus on companies that are notassessed by CBs, and that are thus considered as higher risk. The government has alreadydone studies that point out that companies having a certified system have fewernonconformities from the government during official inspections.Influential organisations in food are helping to position food safety management systemsfirmly on the corporate and regulatory agenda. LRQA’s key alliances with organisations suchas the GFSI and the Foundation for Food Safety will deliver added value to clients throughtechnical insight and enable us, along with other major certification bodies to extend theirsphere of influence. Referring to the calls by the FDA for reforms to third party auditing, VelPillay Food Safety Programme Manager LRQA Americas made an insightful remark; “There isa general lack of understanding in the difference between certification and accreditation. Ifwe take the FDA as an example; initially, the FDA indicated that they wanted to become acertification body to grant certification to third party auditors or audit body. They since have rdchanged their statement to becoming an accreditation body to certify 3 party auditors andaudit body. Fortunately there is a group of very powerful people from the industry currentlyworking with FDA to educate them on the role of audit bodies and as the FDA does not havethe resources to inspect all food manufacturing institutions, this may be a way of getting moreresources from the Government akin to the Belgium model.Commenting further on the calls for reform, Cor Groenveld, Global Product Manager for FoodServices at LRQA said; “Using GSFI recognized certification delivered by licensed andaccredited certification bodies is the way forward. Although certification will never be aguarantee things will not go wrong, the controls put in place by using GFSI and accreditationenlarges the level of integrity of the audits themselves and in turn the certification.”ConclusionAt LRQA, we believe that the auditing processes, which were essentially checklist driven,coupled with the alleged lack of relevant experience for the auditor were complicit inproducing a less than effective report, contributing indirectly to both the 2009 Peanut Factorycrisis, as well as the 2011 Jensen Farms crisis. The systems and processes of bothorganisations were clearly ineffective. A robust assessment approach, one that looked at theirsystems and processes, embedded continual improvement as a fundamental component andfeatured a risk-based methodology would certainly have mitigated the risks to all of the
stakeholders of both organisations to a greater extent, including, most importantly theconsumers whose lives and health were put at risk.LRQA have proactively worked with food safety stakeholders, including manufacturers,retailers, suppliers and industry experts to move the food sector away from a checklist basedapproach to auditing towards a process-based management systems approach. Thisapproach looks at the underlying systems and processes that organisations have in placerather than the ability of that plant or factory to convince an auditor on a given day that thatthey comply with a series of items on a checklist. But, it is not enough to have a strongstandard or scheme, organisations need registrars or certification bodies that; • offer auditors that have extensive experience and proven competence in the sectors they are auditing in • can provide a robust process based management systems approach to auditing • stand up to the client when non-conformities are found and finally • help the organisations being audited to reduce risks, improve food safety performance and link their food safety management systems objectives to their overall corporate objectives.What is clear is that organisations across the food supply chain, including some of the world’sleading manufacturers and retailers, are increasingly recognising the benefits of independentassessment and certification, not only in terms of the cost savings, but also in terms of thebenefits and value it brings. Those organisations that are prioritising potential auditor CV’sand certification body methodology’s and credentials rather than focusing on price have rdclearly understood what is at stake, as well as the benefits that independent, robust 3 partyassessment can offer. This approach is helping to drive consumer and other key stakeholderconfidence as well as ultimately helping to safeguard the lives of people around the world.On the road to food safety, this can only be seen as a positive step.END